Prepare fix for Docker Desktop in Windows

compose/mac_win.yml

@@ -53,6 +53,7 @@ services:
      - ${TPOT_DOCKER_COMPOSE}:/tmp/tpot/docker-compose.yml:ro
      - ${TPOT_DATA_PATH}/blackhole:/etc/blackhole
      - ${TPOT_DATA_PATH}:/data
+     - /var/run/docker.sock:/var/run/docker.sock:ro
 
 
 ##################
@@ -190,32 +191,6 @@ services:
     volumes:
      - ${TPOT_DATA_PATH}/conpot/log:/var/log/conpot
 
-# Conpot kamstrup_382
-  conpot_kamstrup_382:
-    container_name: conpot_kamstrup_382
-    restart: always
-    depends_on:
-      tpotinit:
-        condition: service_healthy
-    environment:
-     - CONPOT_CONFIG=/etc/conpot/conpot.cfg
-     - CONPOT_JSON_LOG=/var/log/conpot/conpot_kamstrup_382.json
-     - CONPOT_LOG=/var/log/conpot/conpot_kamstrup_382.log
-     - CONPOT_TEMPLATE=kamstrup_382
-     - CONPOT_TMP=/tmp/conpot
-    tmpfs:
-     - /tmp/conpot:uid=2000,gid=2000
-    networks:
-     - conpot_local_kamstrup_382
-    ports:
-     - "1025:1025"
-     - "50100:50100"
-    image: ${TPOT_REPO}/conpot:${TPOT_VERSION}
-    pull_policy: ${TPOT_PULL_POLICY}
-    read_only: true
-    volumes:
-     - ${TPOT_DATA_PATH}/conpot/log:/var/log/conpot
-
 # Cowrie service
   cowrie:
     container_name: cowrie
@@ -303,7 +278,7 @@ services:
      - "81:81"
      - "135:135"
      # - "443:443"
-     - "445:445"
+     # - "445:445"
      - "1433:1433"
      - "1723:1723"
      - "1883:1883"

docker/tpotinit/dist/entrypoint.sh

@@ -7,14 +7,17 @@ exec > >(tee /data/tpotinit.log) 2>&1
 cleanup() {
   echo "# SIGTERM received, cleaning up ..."
   echo
-  echo "## ... removing firewall rules."
-  /opt/tpot/bin/rules.sh ${COMPOSE} unset
-  echo
-  if [ "${TPOT_BLACKHOLE}" == "ENABLED" ] && [ -f "/etc/blackhole/mass_scanner.txt" ];
+  if [ "${TPOT_OSTYPE}" = "linux" ];
     then
-      echo "## ... removing Blackhole routes."
-      /opt/tpot/bin/blackhole.sh del
+      echo "## ... removing firewall rules."
+      /opt/tpot/bin/rules.sh ${COMPOSE} unset
       echo
+      if [ "${TPOT_BLACKHOLE}" == "ENABLED" ] && [ -f "/etc/blackhole/mass_scanner.txt" ];
+        then
+          echo "## ... removing Blackhole routes."
+          /opt/tpot/bin/blackhole.sh del
+          echo
+      fi
   fi
   kill -TERM "$PID"
   rm -f /tmp/success
@@ -153,25 +156,42 @@ update_permissions
 
 # Check for compatible OSType
 echo
-echo "# Checking if OSType is compatible."
+echo "# Checking if OSType is set correctly."
 echo
-myOSTYPE=$(uname -a | grep -Eo "linuxkit")
-if [ "${myOSTYPE}" == "linuxkit" ] && [ "${TPOT_OSTYPE}" == "linux" ];
+myOSTYPE=$(uname -a | grep -Eo "microsoft|linuxkit")
+if [ "${myOSTYPE}" == "microsoft" ] && [ "${TPOT_OSTYPE}" != "win" ];
   then
-    echo "# Docker Desktop for macOS or Windows detected."
-    echo "# 1. You need to adjust the OSType the T-Pot .env config."
-    echo "# 2. You need to use the macos or win docker compose file."
+    echo "# Docker Desktop for Windows detected, but TPOT_OSTYPE is not set to win."
+    echo "# 1. You need to adjust the OSType in the T-Pot .env config."
+    echo "# 2. You need to copy compose/mac_win.yml to ./docker-compose.yml."
     echo
     echo "# Aborting."
     echo
+    sleep 1
     exit 1
 fi
 
-if ! [ "${myOSTYPE}" == "linuxkit" ] && ! [ -S /var/run/docker.sock ];
+if [ "${myOSTYPE}" == "linuxkit" ] && [ "${TPOT_OSTYPE}" != "mac" ];
   then
-    echo "# Cannot access /var/run/docker.sock, check docker-compose.yml for proper volume definition."
+    echo "# Docker Desktop for macOS detected, but TPOT_OSTYPE is not set to mac."
+    echo "# 1. You need to adjust the OSType in the T-Pot .env config."
+    echo "# 2. You need to copy compose/mac_win.yml to ./docker-compose.yml."
     echo
     echo "# Aborting."
+    echo
+    sleep 1
+    exit 1
+fi
+
+if [ "${myOSTYPE}" == "" ] && [ "${TPOT_OSTYPE}" != "linux" ];
+  then
+    echo "# Docker Engine detected, but TPOT_OSTYPE is not set to linux."
+    echo "# 1. You need to adjust the OSType in the T-Pot .env config."
+    echo "# 2. You need to copy compose/standard.yml to ./docker-compose.yml."
+    echo
+    echo "# Aborting."
+    echo
+    sleep 1
     exit 1
 fi
 
@@ -255,12 +275,8 @@ if [ -f "/data/uuid" ];
 fi
 
 # Check if TPOT_BLACKHOLE is enabled
-if [ "${myOSTYPE}" == "linuxkit" ];
+if [ "${TPOT_OSTYPE}" == "linux" ];
   then
-    echo
-    echo "# Docker Desktop for macOS or Windows detected, Blackhole feature is not supported."
-    echo
-  else
     if [ "${TPOT_BLACKHOLE}" == "ENABLED" ] && [ ! -f "/etc/blackhole/mass_scanner.txt" ];
       then
         echo
@@ -278,6 +294,10 @@ if [ "${myOSTYPE}" == "linuxkit" ];
         echo
         echo "# Blackhole is not active."
     fi
+  else
+    echo
+    echo "# T-Pot is configured for macOS / Windows. Blackhole is not supported."
+    echo 
 fi
 
 # Get IP
@@ -291,7 +311,7 @@ update_permissions
 
 # Update interface settings (p0f and Suricata) and setup iptables to support NFQ based honeypots (glutton, honeytrap)
 ### This is currently not supported on Docker for Desktop, only on Docker Engine for Linux
-if [ "${myOSTYPE}" != "linuxkit" ] && [ "${TPOT_OSTYPE}" == "linux" ];
+if [ "${TPOT_OSTYPE}" == "linux" ];
   then
     echo
     echo "# Get IF, disable offloading, enable promiscious mode for p0f and suricata ..."
@@ -303,10 +323,14 @@ if [ "${myOSTYPE}" != "linuxkit" ] && [ "${TPOT_OSTYPE}" == "linux" ];
     echo "# Adding firewall rules ..."
     echo
     /opt/tpot/bin/rules.sh ${COMPOSE} set
+  else
+    echo
+    echo "# T-Pot is configured for macOS / Windows. Setting up firewall rules on the host is not supported."
+    echo 
 fi
 
 # Display open ports
-if [ "${myOSTYPE}" != "linuxkit" ];
+if [ "${TPOT_OSTYPE}" = "linux" ];
   then
     echo
     echo "# This is a list of open ports on the host (netstat -tulpen)."
@@ -317,7 +341,7 @@ if [ "${myOSTYPE}" != "linuxkit" ];
     echo
   else
     echo
-    echo "# Docker Desktop for macOS or Windows detected, cannot show open ports on the host."
+    echo "# T-Pot is configured for macOS / Windows. Showing open ports from the host is not supported."
     echo 
 fi 
 
@@ -331,25 +355,20 @@ touch /tmp/success
 
 # We want to see true source for UDP packets in container (https://github.com/moby/libnetwork/issues/1994)
 # Start autoheal if running on a supported os
-if [ "${myOSTYPE}" != "linuxkit" ];
+if [ "${TPOT_OSTYPE}" = "linux" ];
   then
     sleep 60
     echo "# Dropping UDP connection tables to improve visibility of true source IPs."
     /usr/sbin/conntrack -D -p udp
+  else
     # Starting container health monitoring
     echo
     figlet "Starting ..."
     figlet "Autoheal"
     echo "# Now monitoring healthcheck enabled containers to automatically restart them when unhealthy."
     echo
-    # exec /opt/tpot/autoheal.sh autoheal
     /opt/tpot/autoheal.sh autoheal &
     PID=$!
     wait $PID
     echo "# T-Pot Init and Autoheal were stopped. Exiting."
-  else
-    echo
-    echo "# Docker Desktop for macOS or Windows detected, Conntrack feature is not supported."
-    echo
-    sleep infinity 
 fi

dps.ps1

@@ -0,0 +1,20 @@
+# Format, colorize docker ps output
+# Define a fixed width for the STATUS column
+$statusWidth = 30
+
+# Capture the Docker output into a variable
+$dockerOutput = docker ps -f status=running -f status=exited --format "{{.Names}}`t{{.Status}}`t{{.Ports}}"
+
+# Print header with colors
+Write-Host ("NAME".PadRight(20) + "STATUS".PadRight($statusWidth) + "PORTS") -ForegroundColor Cyan -NoNewline
+Write-Host ""
+
+# Split the output into lines and loop over them
+$dockerOutput -split '\r?\n' | ForEach-Object {
+    if ($_ -ne "") {
+        $fields = $_ -split "`t"
+        Write-Host ($fields[0].PadRight(20)) -NoNewline -ForegroundColor Yellow
+        Write-Host ($fields[1].PadRight($statusWidth)) -NoNewline -ForegroundColor Green
+        Write-Host ($fields[2]) -ForegroundColor Blue
+    }
+}

genuserwin.ps1

@@ -0,0 +1,12 @@
+# Run genuser.sh within tpotinit, prepare path and file
+# Define the volume paths
+$homePath = $Env:USERPROFILE + "\tpotce"
+$nginxpasswdPath = $homePath + "\data\nginx\conf\nginxpasswd"
+
+# Ensure nginxpasswd file exists
+if (-Not (Test-Path $nginxpasswdPath)) {
+    New-Item -ItemType File -Force -Path $nginxpasswdPath
+}
+
+# Run the Docker container without specifying UID / GID
+docker run -v "${homePath}:/data" --entrypoint bash -it dtagdevsec/tpotinit:24.04 "/opt/tpot/bin/genuser.sh"